Oracle E-Business Suite iSupport Component Vulnerability
CVE-2019-2829

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the iSupport component of Oracle E-Business Suite, impacting multiple versions. This issue allows an unauthenticated attacker with network access to exploit the system via HTTP, necessitating human interaction to succeed. Although primarily located within Oracle iSupport, successful exploitation can lead to unauthorized access to sensitive information and the ability to manipulate Oracle iSupport data, including updates and deletions. Organizations using affected versions should take immediate action to assess and mitigate potential risks.

Affected Version(s)

iSupport 12.1.1 - 12.1.3

iSupport 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018